Citrix ADC Review

SSL VPN works very well; it's easy to set up and you can go very granular with it

What is our primary use case?

There have been several uses, but mostly in a data center where security is required and where they can utilize a lot of load-balancing services.

What is most valuable?

As an architect, I have deployed it in so many areas. Some like to use the SSL portion of it, others, they use the load-balancing. It does a lot more than what people use it for. The one feature that works really well is the SSL VPN. It's very easy to set up and you can go very granular with it. You can define what user groups get what kind of access and the management overhead is very low.

What needs improvement?

The customization has always been a key area where some improvements are required. In the beginning, everything was for customizing the outer shell of it. You had to use the command-based utility and you had to do a lot of manual work. They have improved it a little bit and now there are some GUI-based functionalities that can be used. However, more can be done that doesn't require a lot of intervention. Right now there are some features, there are some customizations that can be done, but it's still very tedious, very cumbersome, a lot of work. So that could be simplified.

There is one other thing that I would like to address. In every release - and it doesn't matter if it's a minor release or a major release - they keep moving things around and they keep changing the mechanism. So certain things can work in one version one way, and everything works really well, then when you upgrade it to the next version, it breaks everything because they have a new way of doing it. I don't know what can be done in that regard. I have seen it many times: A solution is working fine and then, all of a sudden, you upgrade and bam, now you have to redo everything a different way.

In addition, if they could make the following improvement they would push out more NetScaler. The industry needs to know, or people need to know that NetScaler is not designed just for Citrix products like XenApp and XenDesktop, it can be utilized for everything.

Other than that, the core of the product, or the engine, fits really well. It works well, it's doing really well so I don't see any improvements that are required there.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

In connection with what I mentioned in the "Room For Improvement" section, you can go ahead and create some VPN policies that may work really well, just the way you want. For example in version 10.1, the solutions were working just fine. As soon as you upgraded to 11, those solutions were no longer working. You had to go back and redo everything and change the priorities and such.

What do I think about the scalability of the solution?

As long as you choose the right model for a certain use case, you're good to go.

How are customer service and technical support?

Surprisingly, tech support for NetScaler has been amazing. I have always been able to find, say 95 percent of the time, really good engineers and have been able to get good support. In that regard, there has been much improvement.

In the past, two years back and before that, the support was really not great. Every now and then you would run into some good engineer but the rest of them were pretty basic. They would waste your time. For about a year, a year and a half now, I have been getting really good support.

Which solution did I use previously and why did I switch?

It's not that I have used other solutions, it's just that in most environments where I have had to do my job or to come up with solutions as a solutions architect, the preferred technology was NetScaler; if not, I would suggest they use it.

However, if they had anything else, for example, F5 or A10 - if that was their preferred method - I have used those as well. So it's not up to me. But for a new customer, for a new build, my suggestion has been to go with NetScaler even if they didn't have Citrix.

The biggest misconception in the industry is that you need NetScaler if you have Citrix in your environment. And if you have any other solution, let's says VMware Horizon View, you want to use something else. But they don't realize you can use NetScaler regardless of whether you have Citrix or not.

It's not that I have switched, I have always used many different technologies, but this happens to be one of my favorites and it's one of the technologies I've been working with for a long time.

How was the initial setup?

It is complex technology and it has always been that way. You really have to know NetScaler well in order for you to capitalize on it. Even though they have given you installation wizards to make things easy, it is still like a hybrid of network and systems all in one package. So you have to know a lot about networking and a lot about systems. In my case, I have been installing this for a long time so for me, it's really not that big of a deal. But for new users, even when they come back after training or even if I have trained them, it takes them a long time before they can get comfortable with it because, as I said earlier, it's a beast of a technology, it has so much in it.

What's my experience with pricing, setup cost, and licensing?

It is true that it is a bit pricey compared to newer technologies coming to the market. For example, A10 is a load balancer that does everything that Citrix can and it does a lot more than what NetScaler does when it comes to the security space, and their prices are so cheap. Every box comes with its own license and support built into it.

When you compare that with NetScaler, you have to buy licenses separately, you have to buy a support agreement that is going to be separate. A small NetScaler, even if it is a VPX which is a virtual server, could cost you close to $150,000 to $200,000 dollars. So the pricing is really high.

The pricing has to come down. They usually have three-year or five-year subscriptions. I sold one to a hospital and the model that they went with cost them $500,000. That's ridiculous. It doesn't have to be so expensive because then a lot of people shy away from buying it. Their budgets are not that huge and so they have to look for financing options. A10 comes with the licenses. I don't know if they can come up with a model that every NetScaler comes with its license. Maybe, depending on however many users people want to put on it, they can have a different type of license and it can be cheaper.

Which other solutions did I evaluate?

As a solutions architect, when I go to a customer and they tell me: these are the things that we want to do and this is the budget we have, depending upon their budget, I have to choose what is available and what they can afford. In some cases, if they can not afford NetScaler, I have to choose another load balancer for them.

There are SSL offloading options, you have your URL redirects, VPN, SSL VPN. These are the four major options. A lot of people use web traffic so the rewrite and such, those are all part of their web filtering or enhancement.

What other advice do I have?

Every product keeps improving every day and every year. The reason this has been a big technology piece in most data centers is because of the uniqueness of what it does. It's a beast of a technology but most companies, most organizations, they only use maybe 10 percent of it. But it's very popular and it's getting even more popular now that Cisco has started using this product in their UCS.

It's a very heavy-duty product, so if you have a lot of utilization, or if you can use at least half of it, then it's worth buying. It's a very robust and solid product but it really depends upon what the use case is and, of course, the budget.

Once you set it up correctly you never have to go back to change anything ever again. It works as it's supposed to and it's very dependable.

**Disclosure: My company has a business relationship with this vendor other than being a customer: A company with which I'm associated as a contractor is a Citrix partner.
More Citrix ADC reviews from users
...who work at a Financial Services Firm
...who compared it with F5 BIG-IP
Add a Comment